PwC processes personal data in connection with notification to our whistleblower function.
The notifier and the person(s) involved in the alleged wrongdoing.
Categories of personal data
PwC processes non-sensitive personal data about the notifier and the person whom the notification concerns.
PwC processes data relating to criminal acts and offences, including serious misconduct – or suspicions thereof – which may have an impact on PwC as a whole or which can be of vital importance to the life or health of individuals. This may be the case, for example, in connection with suspicion of serious financial crime, including bribery, fraud and forgery.
Legal basis for processing
PwC processes personal data that are necessary for us to pursue our legitimate interest in investigating any criminal acts put forward in notifications received, see Article 6(1)(f) of the General Data Protection Regulation.
In addition, PwC processes data relating to criminal convictions and offences in order to investigate any criminal acts put forward in notifications, see Article 10 of the General Data Protection Regulation, and section 8(3) of the Danish Act on the Processing of Personal Data.
Period of retention
Data are deleted as soon as the notification has been processed and closed.
PwC does not, as a general rule, disclose personal data. However, PwC may disclose data to advisers, including lawyers, as well as to the police. In addition, we engage data processors, including IT suppliers, to whom we make personal data available. PwC enters into data processing agreements with all data processors to ensure appropriate security.